Louisiana-based medical association Lafourche Medical Group and the Department of Health and Human Services have reached a $480,000 settlement for a cyberattack in 2021 that resulted in the compromise of protected health information from 34,862 individuals, according to The Record, a news site by cybersecurity firm Recorded Future.
The settlement is the first resolved deal involving phishing that resulted in Health Insurance Portability and Accountability Act violations following Lafourche Medical Group's failure to ensure appropriate protections for PHI. It also includes the adoption of a corrective plan detailing the continuous development, implementation, and revision of cyber policies, as well as the establishment of staff cyber training programs, that will be subjected to a two-year audit.
"It is imperative that the health care industry be vigilant in protecting its systems and sensitive medical records, which includes regular training of staff and consistently monitoring and managing system risk to prevent these attacks," said HHS OCR Director Melanie Fontes Rainer.
The development comes as HHS has moved to strengthen cybersecurity requirements for the healthcare sector.
The U.S. Department of Energy has introduced a new $45 million cybersecurity research grant aimed at strengthening the energy industry against increasingly prevalent and sophisticated cybersecurity threats.